this detection was added to avast definitions on 07.09.2004
so if you remember (or look it up in avast reports/Logs or WIN’s Event-Log) WHEN you first got this AV-alert:
try to identify the mail by its date
or move the recent mails (since Sep.04 or so) from the INBOX to various new, empty mail folders and narrow it down like this
or try an OnlineScan with www.bitdefender.com → if mailscanning is enabled there, it MIGHT give you the Subject of the infected/suspicious mail
After you know which mail it is
→ delete it with avast Shield paused, empty mail-trash and Compress/compact/CleanUp all Mailfolders afterwards. Then re-enable avast shield.
btw: imho this wouldn’t have happened with avast mailscanner module enabled → why don’t you use this, if you use Outlook?
P.S.: It usually isn’t a good idea to keep tons of mails together in the INBOX.
P.P.S.: make sure you have all WindowsUpdates applied (including those for IE & Outlook), disable mailpreview and auto-opening of attachments in Outlook, if you wish to use this notoriously unsafe Mail-program.
If you absolutely don’t want to get rid of it by deleting the entire content of your inbox, there’s no safe solution.
And Who is right: get yourself another mailprogram to avoid this in the future. (no means to offend you!)
There are a lot of free, safe solutions like Pegasus, iScribe, Vivian and Gemail. (the last one however only in German language)
Please do yourself a favor and abandon OutlookExpress as soon as possible
of course there is… splitting up the INBOX: tedious, but that should do it (see above)
of course: all WindowsUpdates incl. those for IE & OE must be applied first
I see what you mean, wow this might take some time. It means moving each single mail one by one, am I correct?
Would the on-access scanner, in default mode, alarm him while moving the files around, or does he have to scan each folder separately?
the offending message rendered in text only would show a page or so of nonsense text after the message, making it easier to identify which one to delete?
as far as I gathered from the JS/ZEROLIN-descriptions, it would not be complete nonsense with weird fancy characters, but script language; might not be easy for inexperienced users to tell this apart from rather harmless HTML-mails or so
Never having used Outlook, I’m not sure if you can open the OE-INBOX in a text editor; is it not compressed…?
but this would be a worthwhile approach, too (inbox-file should be COPIED first, not worked on the original)
@fast: not exactly, first move the messages from the last two months or so together into a new mailfolder and recheck (because this malware hasn’t really existed for that long)